GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,249
Erlang: 31
GitHub Actions: 21
Go: 2,018
Maven: 5,000+
npm: 3,723
NuGet: 662
pip: 3,400
Pub: 11
RubyGems: 890
Rust: 857
Swift: 36
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
299 advisories
The Contact Form 7 – Dynamic Text Extension plugin for WordPress is vulnerable to Insecure Direct...
Moderate
Unreviewed
CVE-2023-6630 was published Jan 11, 2024
An Authorization Bypass Through User-Controlled Key vulnerability [CWE-639] affecting PortiPortal...
Moderate
Unreviewed
CVE-2023-48783 was published Jan 10, 2024
Authorization Bypass Through User-Controlled Key vulnerability in Automattic WooPayments – Fully...
Moderate
Unreviewed
CVE-2023-51503 was published Dec 31, 2023
Improper access control in all versions of GitHub Enterprise Server allows unauthorized users to...
Moderate
Unreviewed
CVE-2023-46646 was published Dec 21, 2023
Authorization Bypass Through User-Controlled Key vulnerability in Blaz K. Rate my Post – WP...
Moderate
Unreviewed
CVE-2023-49765 was published Dec 21, 2023
Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce...
Moderate
Unreviewed
CVE-2023-32747 was published Dec 21, 2023
Authorization Bypass Through User-Controlled Key vulnerability in KaineLabs Youzify – BuddyPress...
Moderate
Unreviewed
CVE-2023-47191 was published Dec 21, 2023
Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce Shipping Multiple...
Moderate
Unreviewed
CVE-2023-32799 was published Dec 21, 2023
Authorization Bypass Through User-Controlled Key vulnerability in MarketingFire Editorial...
Moderate
Unreviewed
CVE-2023-36520 was published Dec 20, 2023
Authorization Bypass Through User-Controlled Key vulnerability in WP Sunshine Sunshine Photo Cart...
Moderate
Unreviewed
CVE-2023-41796 was published Dec 20, 2023
Authorization Bypass Through User-Controlled Key vulnerability in Jordy Meow Photo Engine (Media...
Moderate
Unreviewed
CVE-2023-38513 was published Dec 20, 2023
Authorization Bypass Through User-Controlled Key vulnerability in XWP Stream. This issue affects...
Moderate
Unreviewed
CVE-2022-43450 was published Dec 20, 2023
Authorization Bypass Through User-Controlled Key vulnerability in J.N. Breetvelt a.K.A. OpaJaap...
Moderate
Unreviewed
CVE-2023-49812 was published Dec 19, 2023
Mattermost fails to perform authorization checks in the /plugins/playbooks/api/v0/runs/add-to...
Moderate
Unreviewed
CVE-2023-46701 was published Dec 12, 2023
Catalis (previously Icon Software) CMS360 allows a remote, unauthenticated attacker to view...
Moderate
Unreviewed
CVE-2023-6341 was published Nov 30, 2023
The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Insecure...
Moderate
Unreviewed
CVE-2023-6226 was published Nov 28, 2023
SysAid before 23.2.15 allows Indirect Object Reference (IDOR) attacks to read ticket data via a...
Moderate
Unreviewed
CVE-2023-33706 was published Nov 24, 2023
Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access Control. The Web panel allows...
Moderate
Unreviewed
CVE-2023-47316 was published Nov 22, 2023
Insecure Direct Object References (IDOR) in EMSigner v2.8.7 allow attackers to gain unauthorized...
Moderate
Unreviewed
CVE-2023-43900 was published Nov 14, 2023
NCSIST ManageEngine Mobile Device Manager (MDM) APP's special function has a path traversal...
Moderate
Unreviewed
CVE-2023-41356 was published Nov 3, 2023
The WordPress File Sharing Plugin WordPress plugin before 2.0.5 does not check authorization...
Moderate
Unreviewed
CVE-2023-4836 was published Oct 31, 2023
The wpDiscuz plugin for WordPress is vulnerable to unauthorized modification of data due to a...
Moderate
Unreviewed
CVE-2023-3869 was published Oct 20, 2023
The wpDiscuz plugin for WordPress is vulnerable to unauthorized modification of data due to a...
Moderate
Unreviewed
CVE-2023-3998 was published Oct 20, 2023
A flaw in the TETRA authentication procedure allows a MITM adversary that can predict the MS...
Moderate
Unreviewed
CVE-2022-24400 was published Oct 19, 2023
The ActivityPub WordPress plugin before 1.0.0 does not ensure that post titles to be displayed...
Moderate
Unreviewed
CVE-2023-3706 was published Oct 16, 2023
ProTip! Advisories are also available from the GraphQL API.